Security and AntiVirus News

Do You Know How (In)Secure You Are?


Do you have antivirus software installed? Is it updated? How about antispyware protection? Do you have a personal firewall protecting your PC? Do you have some sort of antiphishing program or phishing scam filter? Surely you have antispam protection. Are you sure???

A recent study by Symantec showed that a majority of PC users do, in fact, have antivirus and antispyware software installed and updated. However, many did not have a personal firewall or spam protection. That is not the worst part though. The worst part is that they thought they did.

It is one thing to be unprotected. As long as you know you are, then you can at least exercise caution or be more on guard about the types of threats you might be vulnerable to. It is entirely a different story for users to think they have security protection they do not. It can taint the way they use their PC or the cavalier attitude they might have to surfing the Web. As long as they act as if they have security measures in place that aren't really there, they are at greater risk.

I think that some may not understand all of the bells and whistles of their security software and may wrongly assume that those features they don't understand must be taking care of those threats they also don't understand. But, not all security software is packaged as a suite, and not all suites are created equally. Take a minute to understand what your security software does or does not do, then either invest in the tools to plug the holes, or at least be aware of the fact that you aren't as secure as you had believed.

Protect Yourself From Spyware


5 Easy Steps To Help You

If it's not one thing, it's another. That is one of those ridiculous phrases that pretty much goes without saying. Like "wherever you go, there you are." But, in this case it seems appropriate.

Allow me to elaborate. Computers on the Internet are almost constantly bombarded with viruses and other malware, so users employ antivirus software to protect themselves. Email inboxes are constantly flooded with pathetically useless spam, so users employ anti-spam programs and techniques to protect themselves. As soon as you think you have things under control you find out your system has a myriad of spyware and adware programs silently running in the background monitoring and reporting on your computer activity. Hence, "if it's not one thing, it's another."

The more benign spyware and adware simply monitor and track the sites you visit on the web so that companies can determine the web-surfing habits of their users and target their marketing efforts. However, many forms of spyware go beyond simple tracking and actually monitor keystrokes and capture passwords, functions which cross the line and pose a definite security risk.

How can you protect yourself from these insidious little programs? Ironically, many users unwittingly agree to install these programs. In fact, removing some spyware and adware might render some freeware or shareware programs useless. Below are 5 easy steps you can follow to try to avoid and, if not avoid, at least detect and remove these programs from your computer system:

  1. Be Careful Where You Download: Unscrupulous programs often come from unscrupulous sites. If you are looking for a freeware or shareware program for a specific purpose try searching reputable sites like tucows.com or download.com.

  2. Read the EULA: What is an EULA you ask? End User License Agreement. It's all of the technical and legal gibberish in that box above the radio buttons that say "No, I do not accept" or "Yes, I have read and accept these terms". Most people consider this a nuisance and click on "yes" without having read a word. The EULA is a legal agreement you are making with the software vendor. Without reading it you may be unwittingly agreeing to install spyware or a variety of other questionable actions that may not be worth it to you. Sometimes the better answer is "No, I do not accept."

  3. Read Before You Click: Sometimes when you visit a web site a text box might pop up. Like the EULA, many users simply consider these a nuisance and will just click away to make the box disappear. Users will click "yes" or "ok" without stopping to see that the box said "would you like to install our spyware program?" Ok, admittedly they don't generally come out and say it that directly, but that is all the more reason you should stop to read those messages before you click "ok".

  4. Protect Your System: Antivirus software is somewhat misnamed these days. Viruses are but a small part of the malicious code these programs protect you from. Antivirus has expanded to include worms, trojans, vulnerability exploits, jokes and hoaxes and even spyware and adware. If your antivirus product doesn't detect and block spyware you can try a product like AdAware Pro which will protect your system from spyware or adware in real time.

  5. Scan Your System: Even with antivirus software, firewalls and other protective measures some spyware or adware may eventually make it through to your system. While a product like AdAware Pro mentioned in step #4 will monitor your system in real time to protect it, AdAware Pro costs money. The makers of AdAware Pro, Lavasoft, also have a version available for free for personal use. AdAware will not monitor in real time, but you can manually scan your system periodically to detect and remove any spyware. Another excellent choice is Spybot Search & Destroy which is also available for free.

If you follow these five steps you can keep your system protected from spyware proactively and detect and remove any that does manage to get into your system. Good luck!

Securing Windows XP Home Edition


5 Simple Steps For A More Secure Home Computer

Users should follow basic security advice like that found in Security Basics In A Home Computing Environment, Password Security, or In Depth Security. But, there are some additional steps to take that are unique to Windows XP Home edition.

The following list includes five things you can do to make sure your Windows XP Home edition is secure- including tricks and tips you might need to know in order to follow the advice from the other articles and implement those recommendations on this operating system.

1. Password Protect The Guest Account: This security measure is discussed in Microsoft Windows Security 101. However, it is not an easy or intuitive task in Windows XP Home. If you open the Control Panel and select User Accounts you will see a list of the users that are able to log on to the system. Selecting your own user account you will see an option that says "Assign Password" or, if a password is already assigned, "Change My Password". However, if you select the Guest account your options are limited to "Turn On The Guest Account" or "Turn Off The Guest Account" as the case may be.

Windows XP Home uses the Guest account as an integral part of network file and folder sharing. Using Simple File Sharing, when you share out a file or folder it is accessible to anyone who can "see" your computer. If you don't have other security measures in place such as a firewall that means that users on the public Internet may be able to connect to your share using the Guest account.

Even if you select "Turn Off The Guest Account" it will only be turned off in terms of its ability to log on directly to Windows. In the background, the account will still be functional because Windows XP Home uses the Guest account to authenticate users connecting remotely to shared resources on that machine. It is virtually impossible to truly disable the Guest account and doing so would cause a number of problems on a Windows XP Home computer.

So, in order to protect your system and ensure that not just anybody can connect to your file or folder shares- even when using Simple File Sharing- you need to assign a password to the Guest account. Because Windows XP Home offers no "easy" point and click solution to help you, you will have to use the command prompt. Click on Start, then All Programs, then Accessories and finally select Command Prompt. Once you have the black command prompt window open you will type the following:

  • net user guest <password>

You will of course replace the brackets and the word "password" with the password you wish to assign. Refer to the Password Security article for tips on choosing a good password.

2. Enable The Internet Connection Firewall (ICF): Microsoft Windows XP - both Home and Professional editions- come with a built-in firewall. Unfortunately, it is not enabled by default so you have to know enough to go in and turn it on. For the record, I actually recommend that you leave ICF disabled and install a 3rd-party firewall such as Zone Labs ZoneAlarm which has a version available for free for personal use.

The advantage of using a 3rd-party product like ZoneAlarm is that it monitors both inbound and outbound traffic. ICF only monitors and blocks inbound traffic. That is great for protecting you from external hacking or malicious activity, however it will not protect you from situations where a virus or Trojan on your system attempts to initiate unauthorized or malicious network activity out from your computer.

In any event, ICF is better than nothing. It is free and it is built in. So, if you choose not to download and install a 3rd-party product you should at least turn on the Internet Connection Firewall. To enable ICF you need to select Network and Internet Connections from the Control Panel. Then select the Network Connections icon at the bottom of the screen.

At this point you need to right-click the network connection you want to enable ICF on. For most home users there should only be one network connection present. Simply right-click it and select Properties. Click on the Advanced tab and click the checkbox next to "Protect my computer...".

Once you enable ICF, the Settings button at the bottom of the Advanced tab will be enabled as well. If you click on Settings you can configure ICF to allow certain traffic through and what sorts of information you want logged. Most users will be fine leaving this on the default settings.

Whether you use ICF or some 3rd-party firewall, be aware that should you suddenly start experiencing problems connecting with certain sites, computers on your network or the Internet as a whole- your firewall is the first place you should look. Odds are there is some firewall rule that is blocking traffic you would rather allow.

3. Use Private Folders To Protect Data: As mentioned in Step 1 above, Windows XP Home uses something called Simple File Sharing for sharing files, folders and other resources. When you mark a file or folder as Shared, anyone who can get to your computer can access the share and the data it contains because of how Windows XP Home uses the Guest account and its blank password (unless you have followed the information in Step 1) to grant access. Windows XP Home does not allow for more customized file and folder sharing like you would find in Windows 2000 or in Windows XP Professional (with Simple File Sharing disabled).

Windows XP Home does offer the polar opposite of sharing though- marking a folder Private. If you mark a folder as Private the contents of that folder and any sub-folders will be accessible only by you.

To make the most of this feature it helps if you keep all of your personal or confidential data in one place so that you can just mark the one folder as Private rather than having to scour the computer looking for various folders you might want to keep Private. Your User Account folder under Documents and Settings which contains your My Documents folder, your Favorites and other personal configuration data for Windows is marked Private by default in Windows XP Home.

To mark a folder as private you need to right-click on it and select Sharing and Security. On the Sharing tab click the checkbox that says "Make This Folder Private". If the folder is owned by another user or by the operating system itself this option will be grayed out. You may also see a checkmark in the box that is grayed out if the folder is a sub-folder of a different folder already marked as Private.

4. Use Limited Accounts For Everyday Use: Windows 2000 and Windows XP Professional offer a number of different user account types and also provide a means to create your own custom user account types. Windows XP Home essentially offers two choices- Administrator and Limited. The Administrator account has essentially full control over anything and everything on the computer. The Limited account can use the computer, but is extremely restricted in its ability to install software or alter system configurations in any way.

One of the primary reasons for using the Limited account is to protect the system from yourself. It's possible that a family member with Administrator access can accidentally change or delete critical information on the computer. It is also possible that someone with an Administrator account may have their account hacked or become infected with a virus or worm of some sort. Typically, the attacker or malware will be able to wreak havoc on the system using the access privileges of the account that has been compromised. So, it makes sense to save your Administrator account for when it is needed, but use Limited accounts for everyday use by most users.

To choose an account type in Windows XP Home click on User Accounts in the Control Panel. Once you select a user you can click on the "Change My Account Type" button. You will be able to choose between Administrator and Limited and can see a brief description of the abilities of each account type. You are required to have at least one Administrator account, so be sure to leave or create one- but save it for use when necessary and stick to using Limited accounts wherever possible.

5. Upgrade to Windows XP Professional: I realize that switching operating systems isn't exactly helpful for securing the one you have. However, it is truly my best recommendation for someone using Windows XP Home edition that wants to ensure a high degree of security on their system.

The Simple File Sharing "feature" which doesn't let you protect individual files or select which users can simply read the file vs. which ones can change or delete it turns out to be a feature you may not want if you're trying to be secure.

Windows XP Home lets you mark folders and their data as Private, but does not include support for EFS (Encrypted File System) which you can use in Windows 2000 and in Windows XP Professional to encrypt your data for even more protection from unauthorized access.

These are just a couple of reasons. The bottom line is that it seems that Microsoft did not have security in mind when selecting the features and options to include in Windows XP Home. Users who truly want to be secure (and don't want to switch to Linux or another operating system entirely) should move to Windows XP Professional.

Creating Secure Passwords

Tips For Creating Strong Passwords You Can Remember

One of the problems with passwords is that users forget them. In an effort to not forget them, they use simple things like their dog's name, their son's first name and birthdate, the name of the current month- anything that will give them a clue to remember what their password is.

For the curious hacker who has somehow gained access to your computer system this is the equivalent of locking your door and leaving the key under the doormat. Without even resorting to any specialized tools a hacker can discover your basic personal information (name, children's names, birthdates, pets' names, etc.) and try all of those out as potential passwords.

To create a secure password that is easy for you to remember, follow these simple steps:

  1. Do not use personal information. You should never use personal information as a part of your password. It is very easy for someone to guess things like your last name, pet's name, child's birth date and other similar details.
  2. Do not use real words. There are tools available to help attackers guess your password. With today's computing power, it doesn't take long to try every word in the dictionary and find your password, so it is best if you do not use real words for your password.
  3. Mix different character types. You can make a password much more secure by mixing different types of characters. Use some uppercase letters along with lowercase letters, numbers and even special characters such as '&' or '%'.
  4. Use a passphrase. Rather than trying to remember a password created using various character types which is also not a word from the dictionary, you can use a passphrase. Think up a sentence or a line from a song or poem that you like and create a password using the first letter from each word.

    For example, rather than just having a password like 'yr$1Hes', you could take a sentence such as "I like to read the About.com Internet / Network Security web site" and convert it to a password like 'il2rtA!nsws'. By substituting the number '2' for the word 'to' and using an exclamation point in place of the 'i' for 'Internet', you can use a variety of character types and create a secure password that is hard to crack, but much easier for you to remember.

  5. Use a password management tool. Another way to store and remember passwords securely is to use some sort of password management tool. These tools maintain a list of usernames and passwords in encrypted form. Some will even automatically fill in the username and password information on sites and applications.

Using the tips above will help you create passwords that are more secure, but you should still also follow the following tips:

  • Use different passwords. You should use a different username and password for each login or application you are trying to protect. That way if one gets compromised the others are still safe. Another approach which is less secure, but provides a fair tradeoff between security and convenience, is to use one username and password for sites and applications that don't need the extra security, but use unique usernames and more secure passwords on sites such as your bank or credit card companies.
  • Change your passwords. You should change your password at least every 30 to 60 days. You should also not re-use a password for at least a year.
  • Enforce stronger passwords: Rather than relying on every user of the computer to understand and follow the instructions above, you can configure Microsoft Windows password policies so that Windows will not accept passwords that don't meet the minimum requirements.
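The tips above can be turned into a few mechanical checks. The Python script below is an added example and is not code from the original article: passphrase_to_password builds a password from a sentence the way step 4 describes (the word substitutions, the rule that keeps each word's original case, and the 'Internet' -> '!' override are my own choices, so the result differs in case from the article's 'il2rtA!nsws'), check_password applies steps 1 to 3 plus a minimum length of 8 characters, which the article does not specify and is assumed here, and search_space_bits shows in numbers why step 3 matters. The word list and the personal-information sample are constructed stand-ins.

```python
"""Password checks built from the tips above (added example; the word list,
personal-information sample and the minimum length are constructed
assumptions, not values from the original article)."""
import math
import re
import string

# Constructed stand-in for a real word list such as /usr/share/dict/words.
DICTIONARY = {"password", "secret", "welcome", "dragon", "monkey", "letmein"}

CLASS_SIZES = {
    "lowercase": 26,
    "uppercase": 26,
    "digits": 10,
    "symbols": len(string.punctuation),
}


def passphrase_to_password(sentence, overrides=None):
    """Step 4: take the first character of each word, replacing whole words
    such as 'to' with '2'. overrides maps a (case-insensitive) word to the
    token that should stand in for it, e.g. {'Internet': '!'}."""
    subs = {"to": "2", "for": "4", "and": "&"}
    if overrides:
        subs.update({word.lower(): token for word, token in overrides.items()})
    out = []
    for token in sentence.split():
        if not any(ch.isalnum() for ch in token):
            continue  # skip punctuation-only tokens such as "/"
        key = token.lower().strip(string.punctuation)
        out.append(subs.get(key, token[0]))
    return "".join(out)


def character_classes(password):
    """Names of the character classes present (step 3 wants several)."""
    classes = set()
    for ch in password:
        if ch.islower():
            classes.add("lowercase")
        elif ch.isupper():
            classes.add("uppercase")
        elif ch.isdigit():
            classes.add("digits")
        else:
            classes.add("symbols")
    return classes


def search_space_bits(password):
    """log2 of the number of candidates a brute-force guesser must cover if it
    knows the length and the classes used; shows why mixing classes helps."""
    size = sum(CLASS_SIZES[name] for name in character_classes(password))
    return len(password) * math.log2(size) if size else 0.0


def check_password(password, personal_info=(), min_length=8):
    """Return a list of findings; an empty list means the password passed.
    Covers steps 1 to 3 and a minimum length (assumed here, not from the article)."""
    findings = []
    if len(password) < min_length:
        findings.append(f"shorter than {min_length} characters")
    lowered = password.lower()
    for item in personal_info:  # step 1: no names, birth dates, pet names
        if item and item.lower() in lowered:
            findings.append(f"contains personal information: {item!r}")
    for word in re.findall(r"[a-z]{4,}", lowered):  # step 2: no real words
        if word in DICTIONARY:
            findings.append(f"contains dictionary word: {word!r}")
    classes = character_classes(password)  # step 3: mix character types
    if len(classes) < 3:
        findings.append("uses only " + ", ".join(sorted(classes)) + " characters")
    return findings


if __name__ == "__main__":
    pw = passphrase_to_password(
        "I like to read the About.com Internet / Network Security web site",
        overrides={"Internet": "!"},
    )
    print(pw, round(search_space_bits(pw), 1), check_password(pw))
    print(check_password("fido1999", personal_info=["Fido", "1999"]))
```

The dictionary check looks at every run of four or more letters, not just the whole password, so 'Password1' is still caught even though it mixes three character classes. The search-space figure only counts what a guesser who already knows the length and classes would have to try; it is a lower bound on effort, not a proof of strength, which is why the other rules still apply.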

How To Configure Internet Explorer Security

Internet Explorer offers four different zones to help you classify security level depending on how well you know or trust the site: Trusted, Restricted, Internet and Intranet or Local.

Classifying the sites you visit and configuring your Internet Explorer security settings for each zone can help to ensure you can safely surf the Web without fear of malicious ActiveX or Java applets.

Here's How:

  1. Click on Tools on the menu bar at the top of Internet Explorer
  2. Click on Internet Options from the Tools drop-down menu
  3. When Internet Options opens up, click on the Security tab
  4. Internet Explorer begins by categorizing sites into either Internet, Local Intranet, Trusted Site or Restricted Site zones. You can specify the security settings for each zone. Select the zone you wish to configure.
  5. You can use the Default Level button to select from the pre-defined security settings Microsoft set up in Internet Explorer. See Tips for details of each setting.
  6. MEDIUM is most appropriate for the majority of Internet surfing. It has safeguards against malicious code, but is not so restrictive as to prohibit you from viewing most web sites.
  7. You can also click on the Custom Level button and alter individual settings, starting with one of the Default levels as a baseline and then changing specific settings.

Tips:

  1. LOW: Minimal safeguards and warning prompts are provided; most content is downloaded and run without prompts; all active content can run. Appropriate for sites that you absolutely trust.
  2. MEDIUM-LOW: Same as Medium, but without prompts; most content will be run without prompts; unsigned ActiveX controls will not be downloaded. Appropriate for sites on your local network (Intranet).
  3. MEDIUM: Safe browsing and still functional; prompts before downloading potentially unsafe content; unsigned ActiveX controls will not be downloaded. Appropriate for most Internet sites.
  4. HIGH: The safest way to browse, but also the least functional; less secure features are disabled. Appropriate for sites that might have harmful content.

Repair Tool of the Week: MSN Messenger Virus Cleaner


These days, most teenagers are on MSN, KaZaA and MySpace messing up their parents' computers for us to fix. One of the common infections that teenagers end up with is an MSN Messenger worm. These worms send a message like this to everyone on the contact list. MSN Virus Cleaner can help remove these worms.

MSN Virus Cleaner is a freeware, portable tool to remove MSN Messenger worms and viruses, and fix many MSN Messenger error codes.


This application requires .NET Framework 2.0 though which you can download here. Otherwise, it crashes. If you are using Vista, you may need to set this to “run as administrator” for it to work properly.

To use MSN Virus Cleaner:

  • Close MSN Messenger
  • Download and Install the .NET Framework 2 if you haven’t already
  • Download and Save MSN Cleaner to your hard drive
  • Run MSN Virus Cleaner, allow it to update, press “Scan” and wait for it to finish
  • Restart the computer


Downloads:
Download from Official Site - 236kb

How To Kill Winlogon

Malware often hooks into the Winlogon process, enabling the malware to load even in Safe Mode. Removing malware load points from Winlogon may require shutting down the Winlogon process. Here's how.
  1. Download a copy of the free Process Explorer
  2. Extract the downloaded Process Explorer to a folder on your desktop (or some other easy to access location).
  3. Open Process Explorer by double-clicking the procexp.exe file located in the folder to which you extracted the file.
  4. From within Process Explorer, locate the smss process, right click the smss process and select Kill Process from the drop down menu that results.
  5. Next, locate the Winlogon process, right click the Winlogon process and select Kill Process from the drop down menu that results.
  6. Choose File, then Exit to close Process Explorer. When you've completed your tasks, rebooting the system will restore the smss and winlogon processes.

Repair Tool : Send To VirusTotal.com

A few months ago we mentioned Virustotal.com as our repair tool of the week. It's a great site designed to scan a single file using the databases of many different antivirus brands, including AntiVir, Avast!, AVG, ClamAV, FProt, F-Secure, Kaspersky, McAfee, Microsoft, NOD32, Panda, Sophos, Symantec (Norton), Trend Micro, Virus Blaster and more. Typically, you visit the website and use their special uploader, but now Virustotal.com has created an uploader so all you have to do is right-click on the suspicious file and choose "Send to -> VirusTotal". Once the file finishes uploading, it will open your browser and show you the results.

AVG Windows XP Problem


A problem has been reported by various sites about a recent update of the AVG antivirus software. The update incorrectly deletes a critical file in Windows XP.

Without the system file it deletes, user32.dll, the PC could no longer boot. The company admitted that the file was detected as a false positive, and some users on the AVG forums offered step-by-step solutions. The solution requires the Windows installation disk.

The spokesman said, “We have immediately released a new virus update (270.9.0/1778) that removes the false positive detection on this file. Please update your AVG and check your files again.”

Source: Vnunet.com

IE and WordPad Flaws


Various websites have reported that there is a zero-day bug that affects Internet Explorer version 7 and WordPad Text Converter.

“The vulnerability depends on how certain elements of HTML pages are terminated and therefore could potentially affect not only XML, but also other objects handled by the browser. This means that attackers may start using different attack vectors in the future to exploit this vulnerability, but at the moment it seems that this recent exploit, which has been publicly released on several Chinese forums, only uses the XML elements and tags,” writes Elia Florio in a blog post.

Mind Multi-Vitamins Malware


Sophos has detected malware themed around mind multi-vitamins. The worm, detected as W32/AutoRun-RY, copies itself to more than 150 locations on a user’s hard drive and also onto removable devices.

The blog entry at Sophos posted the whole message of the spam. Zoe Markham, the author of the blog entry at Sophos, notes that the worm author got a little bored or distracted towards the end. He also mentions that the name, mind multivitamins, was a new one to him.

The worm author refers to his worm as harmless.

Source: Sophos

Bank of America Spam


A social engineering scam has been detected which is about the Bank of America.

When users click the link in their emails, they are redirected to a site which asks them to download an updated Flash player. A screen shot is included in the article at F-Secure which shows the site and the pop-up save message. The filename in the pop-up is Adobe_Player9.exe and it is 3.1 kb.

When that file is executed, it will download a trojan which steals confidential information.

Source: F-Secure

Social Networking Comments


F-Secure has an article about a worm which targets sites such as bebo.com and facebook.com

The author of the article, Christine, posted some sample comments such as “Are you sure this is your first acting experience?” and “is it u there?”

Each comment contains a link which points to Yuotube, not Youtube. The site will ask the user to update their Adobe Flash player, but the update is actually a worm which is detected as Net-Worm:W32/Koobface.CY.

The other websites that the Koobface worm targets are myyearbook.com, blackplanet.com, myspace.com, and friendster.com.

Source: F-Secure

Hi5.com Spam


Sophos posted a blog entry about a fake hi5.com friend request.

The invite tells the user to enter their credentials on a fake replica of the login portal at hi5.com.

The article includes a screen shot of the email. The email message includes a picture, a paragraph, and a link. Sophos notes that the name of the supposed sender varies. The author of the article, J. Legare, also notes that the bottom links of the fake site are broken.

Legare suggests that users who were fooled by this spam should change their password at hi5.com as soon as they can.

Source: Sophos

Season’s Greetings Spam


Sophos.com posted today about a non-malicious Christmas spam which contains an application in a zip file.

The program creates a Christmas tree on the user’s desktop and can link to an external, non-malicious URI for an atomic clock. The clock counts down the number of days before Christmas.

It could also create multiple instances and the user could set the transparency of each tree.

It is a PUA which stands for Potentially Unwanted Application according to the article.

Source: Sophos

Christmas Monkeys and Greetings Worm


Sophos posted a blog entry today about a spam which contains a Christmas Monkeys application. The article notes that the email contains a file, Christmas Monkeys.exe. The file extracts two files which are named a.exe and b.exe. The a.exe file launches a Flash cartoon which is harmless but the b.exe is a backdoor trojan which is silently executed.

Another topic that is located in the same blog entry is a greeting card worm. When users click the link in the greeting card email, it would take the user to a malicious drop site. Sophos mentioned that a variety of domains is involved.

Source: Sophos

Fake Friendster Video Invite


Friendster users have been getting a lot of invitations about viewing a fake video. This video is supposedly from their contacts. The article at F-Secure includes a screen shot of what the invite looks like.

Users will be redirected to a fake file if they decide to click on the link in the invitation page. The site will prompt the user to update their video player. The explanation is that so they will be able to view the video. The update is named setup.exe and it is detected as net.worm.win32.koobface.dd. This specific worm spreads on social networking sites according to the post at F-Secure.

The author of the article reminds users that they should change their passwords regularly.

Source: F-Secure

P2P Sites-Prevention Trojan


A trojan detected as Troj/Qhost-AC is stopping users from connecting to peer-to-peer (P2P) websites, according to a blog entry yesterday at Sophos.

The article includes a screenshot of the Trojan file. The file modifies the HOSTS file and also includes a profanity.

CheeHui of Sophos notes that it is unusual to see a Trojan like this since, although it prevents infected machines from connecting to P2P sites, it does not do anything else. Trojans are known to redirect banking sites.
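Both behaviours mentioned in this entry leave a trace in the HOSTS file itself, so a defender can triage a machine by reading that file rather than the trojan binary. The Python script below is an added example, not Sophos's code; its sample HOSTS contents are constructed (reserved .test names and a TEST-NET address) and it flags the two patterns: a hostname pointed at a loopback or null address, which makes the site unreachable as happened to the P2P sites here, and a hostname pointed at some other address, which is the redirection trick the entry contrasts it with.

```python
"""Triage a Windows HOSTS file for entries of the kind a Qhost-style trojan
writes (added example, not Sophos's code; the sample contents are constructed)."""
import ipaddress

# Addresses that make a name resolve to nowhere: the "block the site" pattern.
NULL_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}
# Names that legitimately map to loopback in a stock HOSTS file.
EXPECTED_LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample: two default-style lines followed by planted entries.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
# constructed malicious entries below
127.0.0.1       www.example-p2p-site.test   # sinkholed
0.0.0.0         tracker.example-p2p.test
203.0.113.7     www.example-bank.test       # redirected (TEST-NET address)
"""


def parse_hosts(text):
    """Yield (line_number, address, hostname) for every mapping in the file.
    Comments after '#' are dropped; lines whose first field is not an IP
    address are skipped rather than treated as errors."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            entries.append((lineno, str(address), name.lower()))
    return entries


def suspicious_entries(text):
    """Return (line_number, hostname, address, reason) for every mapping that
    is not one of the expected loopback names."""
    findings = []
    for lineno, address, name in parse_hosts(text):
        if name in EXPECTED_LOCAL_NAMES:
            continue
        if address in NULL_ADDRESSES:
            reason = "sinkholed: site made unreachable"
        else:
            reason = "redirected to a non-local address"
        findings.append((lineno, name, address, reason))
    return findings


if __name__ == "__main__":
    for lineno, name, address, reason in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {address} ({reason})")
```

On a real machine, read the file from %SystemRoot%\System32\drivers\etc\hosts and pass its text to suspicious_entries. The output is a triage list, not a verdict: ad-blocking HOSTS lists legitimately sinkhole thousands of names, so the redirected entries (a well-known site pointed at an unfamiliar address) are the ones to examine first.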

Source: Sophos

IKEA Spam


Sophos posted an article about an IKEA spam. The spammers want the readers to download an attachment which is detected as Mal/CryptBox-A.

Numaan Huq, the writer of the article, notes that people may be fooled into downloading and running the attachment since IKEA actually has a Home Planner software suite on its website which people use on a daily basis.

A screen shot is included in the article which shows the subject of the email, an IKEA logo in the message, and the three-paragraph message.

There was also an IKEA spam campaign last February 2007.

Source: Sophos

Conficker Affects Windows 7


The worm Conficker also affects the next Windows operating system according to an article that was posted today at The Register.

It attempts to spread on a network and it also affects removable drives using a file called autorun.inf.

The trick the worm uses is that it shows up as a folder, but if a user clicks on it, the file actually runs the worm’s viral payload.

The author notes that there may still be time to modify the AutoPlay functionality in Windows 7 to stop this kind of attack.

Source: The Register

3.5 Million Windows PCs Attacked


The worm Downandup, Conficker, or Kido!, has affected 3.5 million computers with Windows operating systems according to various tech sites.

It targets the vulnerability in Microsoft’s Server service which was patched in October 2008. It resets the System Restore point of the affected machine, which means that administrators cannot delete it.

The article at topnews.us notes that the worm shields itself by disabling Windows security, networking, and updating.

“The vulnerability is potentially wormable on older versions of Windows, XP and earlier; we’re encouraging customers to test and deploy the update as soon as possible,” said a security program manager at Microsoft.

Source: TOPNEWS

Fake Obama Sites


A blog entry at F-Secure.com warns users to watch out for illegitimate Barack Obama sites. It includes various images of the fake sites.

The first screen shot is an example of the spam that people may receive to get them to visit a fake Obama site. The message is very brief.

The next image shows a screen shot of one of the fake sites. The article notes that all the links point to speech.exe, which is a Waledac malware variant.

The author also notes other fake domain names.

Source: F-Secure

Conficker’s Autorun.inf


Sophos posted a blog entry today about a new sample of the Conficker worm. The worm uses Autorun.inf to spread by USB and removable/detachable drives. It is detected as W32/Confick-D.

The entry includes two screenshots. One shows what the Autorun.inf for W32/Confick-D looks like after removing the word ‘garbage’.

The second screenshot shows a German sample. The phrase/action ‘Open folder…’ is replaced.

The author of the entry, Pob, notes that this is the first time that his team has seen an Autorun.inf being generated dynamically.

Source: Sophos
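The two Conficker items above describe an autorun.inf that poses as a folder (the ‘Open folder…’ prompt, including a localised German form) and is padded with junk. As an added example, not code from Sophos or The Register, here is a small Python triage routine that reads an autorun.inf the tolerant way Windows does and flags that disguise; the prompt strings, the shell32 icon heuristic and the sample file are constructed assumptions, not data from the articles.

```python
import re

# Action strings that mimic Explorer's own "Open folder to view files" prompt;
# constructed list: English plus a German form, since the page notes a German sample.
FOLDER_PROMPTS = ("open folder", "ordner öffnen")
EXEC_REF = re.compile(r"\.(exe|com|scr|dll|bat|cmd|pif|vbs)\b", re.I)
KEY_LINE = re.compile(r"^([A-Za-z0-9_\\.]+)\s*=\s*(.*)$")

def parse_autorun(text):
    """Return ({key: value} from the [autorun] section, count of junk lines).
    Windows' INI reader skips lines that are not key=value, so junk padding
    (the 'garbage' the page mentions) does not stop the file from working."""
    keys, junk, in_section = {}, 0, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):            # blank or INI comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line.lower() == "[autorun]"
            continue
        m = KEY_LINE.match(line)
        if in_section and m:
            keys[m.group(1).lower()] = m.group(2).strip()
        else:
            junk += 1
    return keys, junk

def triage(text):
    """Flag the folder-mimic pattern: a launcher key naming an executable,
    dressed up with a folder prompt, a borrowed system icon, or junk padding.
    Returns (suspicious, findings); suspicious needs a launcher plus a disguise."""
    keys, junk = parse_autorun(text)
    launchers = [v for n, v in keys.items() if n in ("open", "shellexecute")
                 or (n.startswith("shell\\") and n.endswith("\\command"))]
    runs_exe = any(EXEC_REF.search(v) for v in launchers)
    findings = ["launcher key names an executable"] if runs_exe else []
    if any(p in keys.get("action", "").lower() for p in FOLDER_PROMPTS):
        findings.append("action text mimics Explorer's folder-open prompt")
    if "shell32.dll" in keys.get("icon", "").lower():   # assumed heuristic
        findings.append("icon borrowed from a system library")
    if junk:
        findings.append(f"{junk} junk line(s) padding the file")
    return runs_exe and len(findings) > 1, findings

# Constructed sample modelled on the behaviour the page describes; not a real file.
SAMPLE = """[autorun]
x9f3kQ2
action=Open folder to view files
icon=%systemroot%\\system32\\shell32.dll,4
shellexecute=launcher.exe
"""
```

Run `triage(SAMPLE)` to see the four findings; a plain product disc that only sets `open=setup.exe` produces the launcher finding alone and is not flagged.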


QuickTime 7.6


A new version of QuickTime is now available for both Mac OS X and Windows users. Version 7.6 fixes at least seven security vulnerabilities according to an article at The Washington Post’s website.

The article also mentions that QuickTime flaws ranked as the third and fourth most-attacked web browser vulnerabilities. The data is based on the first half of 2008.

Users can download it at Apple’s website or through the Software Update program.

An attacker can infect a user’s computer by tricking the user into viewing a streaming media file or a specially crafted movie.

Source: The Washington Post

Disable Autorun The Right Way


Due to the worm called Downadup, Microsoft security watchers posted instructions on how to disable the Autorun feature in Windows.

The right way to disable it involves changing registry settings. The article at The Register hints that this step may not be easy for novice computer users.

Microsoft had an older article with instructions on how to disable the feature but they “are not fully effective” and “could be considered a vulnerability.”

The feature was also in the news in 2005 because of the Sony rootkit. Users who played certain Sony BMG CDs were infected by the discs’ digital rights management (DRM) software.

Source: The Register


A new spam about Facebook has been reported by The Register. It notifies a user that he or she has been reported for violation of the site’s terms of service. It includes a link to an application named “f a c e b o o k - - closing down!!!”. After a user installs the software, it will spam the friends of the user with the same message.

The spam started on Thursday and it has already spammed a lot of Facebook users. This is the second Facebook spam this week.

The senior security advisor at Trend Micro said, “These two events in just a single week mean that it’s about time that Facebook reviews its application hosting policy.”

Source: The Register

Amazon Spam


There is a spam campaign about Amazon according to a blog entry at Sophos.

The message reads:
Your transaction has been processed by WorldPay, on behalf of Amazon Inc.
The invoice file is attached to this message.
This is not a tax receipt.
We processed your payment.
Amazon Inc has received your order,
and will inform you about delivery.
Sincerely,
Amazon Team

The attachment is malware and it is detected as Mal/EncPk-HZ. The author of the article notes that regular shoppers of the online store will recognise that the email does not look the same as those that are sent by the ‘Amazon Team’.

Source: Sophos

True Love Worm

A worm called True Love has been detected by Sophos. The filename is True_Love.exe and it is detected as W32/AutoRun-AOG.

According to the article, the messages include “see this comedy joke click on this link”, “Ha ha ha click on link to laugh …”, or “nice to listen ……….”.

The worm disables Windows Task Manager and prevents access to the Windows Registry.

After attempting to spread to network shared drives, it tries to copy itself to removable drives, creating a file named AUTORUN.INF on the removable drive, notes CheeHui, the author of the article.

Rapidshare Malware Links


Sophos has posted a blog entry about blogs and emails that contain a link to malware.

The file is “PC****ct.exe” and Liang Zhang of Sophos notes that this suggests to readers that it is some kind of anti-virus software. It is detected as Troj/FakeAle-OZ.

When users run the file, it will attempt to download files from certain sites. Those sites have already been taken down.

Source: Sophos

AVG - iTunes Problem


Posted: 27 Jul 2009 09:09 PM PDT

A database update to the antivirus software AVG over the weekend caused the software to quarantine Apple’s popular iTunes store software. It viewed iTunes’ library files as a Trojan virus.

“Unfortunately, a recent virus database update resulted in iTunes being detected as a Trojan by AVG security products. We can confirm that it was a false alarm. AVG immediately released a new virus database update (definition file 270.13.29/2260) that corrected this issue,” the company wrote in response to complaints on Apple’s support forums and its own official forums.

Source: AppleInsider

Fedex Scam


Posted: 27 Oct 2009 09:19 PM PDT

Sophos has detected a scam about Fedex. The message notes that someone has sent a package to the user but it was not delivered in time since the user’s address is wrong. Therefore, it wants the user to print an invoice that is attached to the email.

Prashant Kumar, the writer of the article at Sophos, notes that the message is exactly the same as last year’s Fedex scam. However, the attached malware is different. The file is detected as Mal/EncPk-KP and it is the most recent incarnation of fake anti-virus according to Kumar.

Malware about Shipping Confirmation


Sophos has posted a blog entry about malware regarding ‘shipping confirmation’.

The spam tells a user to open an attached zip file. Two examples are included in the blog entry. Both of them note that the user has ordered an electronic item and that the item has been shipped to their shipping address. The zip file is supposed to contain a tracking number for the order. The malware is detected as Mal/Bredo-A, Mal/BredoZp-A and Troj/BredoZp-C.

The remote site that the malware reports home to is classified as a known C&C point.

Source: Sophos

Bit.ly Protection


Posted: 01 Dec 2009 09:14 PM PST

URL shortening service Bit.ly has partnered with security firms to improve its anti-spam and malware protection. VeriSign, Websense, and Sophos are the companies that will help Bit.ly.

VeriSign’s iDefense IP will screen links to prevent them from pointing to blacklisted sites. Websense’s ThreatSeeker cloud service will check URLs to determine whether they are spamvertised or malicious sites. Behavioral-analysis technology will be provided by Sophos, to proactively detect spam and malware.

According to Websense, over two billion shortened URLs were created just two months ago.

Source: The Register

UnVirex


A new rogue anti-spyware program has been detected by Sophos. It is called UnVirex. The installer and the main components of this software are detected as Troj/FakeVir-NA.

A few screen shots are included in the blog entry at Sophos. The first one shows the license agreement. The next one asks the user to update the program’s virus definitions by clicking on a button in the software. The third shows a fake results page claiming that the user’s computer has been infected by several items. The last image shows what happens when the user clicks on the Remove Threats button.

Source: Sophos

Ending Piracy Malware


Posted: 29 May 2009 08:41 PM PDT

Sophos has posted a blog article about malware that tries to stop piracy by destroying all mp3 files on an infected computer.

If the computer is infected, a message box appears before users can log on, saying “Stop piracy Musician Affairs, Do not Use MP3 again (quasi quasi-an) huahahahahaha!”, which is loosely translated from an Indonesian language. The message appears because the malware modifies some registry entries related to WinLogon.

The file carries a Winamp icon so that it looks like a regular mp3 file, notes Prashant Kumar, the author of the article.

Source: Sophos